Configure SSL Authentication

Configure the Smart Data Bridge to authenticate to the Certificate Authority using an SSL client certificate.

The Smart Data Bridge includes scripts for creating a new self-signed certificate, the corresponding private key, and a suitable key store.

To use these scripts, perform the following steps:

  1. Open a command window or shell and run the following commands:

    • For Windows:

      c:\>cd C:\Program Files\HID Global\Smart Data Bridge\smart-data-bridge\bin
      c:\>create-client-certificate.bat -dn name
    • For Linux:

      $ cd /opt/hidglobal/smart_data_bridge/smart-data-bridge/bin
      $ create-client-certificate.sh -dn name

    Where name represents either a simple name that describes your organization or a complete distinguished name, such as CN=HIDGlobalCertificateAuthorityBridge, O=CoreStreet Ltd., C=US.

    • If the name is a complete distinguished name, then it must be enclosed in double-quotation marks and be preceded by the -dn option.

    • If the name is a simple name, then omit the -dn option and do not enclose the name in double-quotation marks.

  2. Press Enter. The script prompts you for a password to protect the new keys.

    Enter keystore password:

  3. Specify a password and press Enter. The script prompts you with:

    Enter key password for <ssl-client-cert> (RETURN if same as keystore password):

    Note: The Smart Data Bridge does not support the use of different keystore and private key passwords.
  4. Press Enter.

  5. Do not specify a separate key password for the SSL client certificate. The script prompts you to confirm the key password:

    Enter keystore password:

  6. Specify the same keystore password from step 2 and press Enter.

    The script notifies you that the SSL client certificate, smart-data-bridge.cer, was created with a message similar to the following (Windows example shown):

    Certificate stored in file <C:\Program Files\HID Global\Smart Data Bridge\smart-data-bridge\data\smart-data-bridge.cer>

    Note: After the certificate is created, install it in the Validation Authority as a client certificate for the Management Console user account. This is the account that will be used to enter certificate revocations from the Smart Data Bridge.
  7. Modify the smart-data-bridge/conf/smart-data-bridge.bml file to specify the appropriate settings for the useClientCertificate, keyStoreFile, and keyStorePassword properties. For information, see section 'smart-data-bridge/conf/smart-data-bridge.bml'.

  8. Modify additional configuration files as described in Modify Configuration Files.
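
A check to run between step 6 and installing the certificate in the Validation Authority, as an added example that is not part of the HID Global documentation or scripts: it confirms that smart-data-bridge.cer is self-signed and carries the expected name, and prints its SHA-256 fingerprint so the copy that is later imported can be compared against it. The function names and the Linux path in the usage comment are assumptions (the page shows only the Windows path), as is the premise that the name passed to the script ends up in the subject's CN.

```shell
#!/bin/sh
# Added example, not HID Global code. Requires the openssl command-line tool.

# Run "openssl x509" on a certificate that may be DER or PEM encoded
# (the export encoding is not stated in this procedure, so both are tried).
x509() {
    cert_file=$1; shift
    openssl x509 -inform DER -in "$cert_file" -noout "$@" 2>/dev/null ||
    openssl x509 -inform PEM -in "$cert_file" -noout "$@" 2>/dev/null
}

# Print the subject or issuer DN in RFC 2253 form, e.g. CN=...,O=...,C=US
cert_field() {   # $1 = certificate file, $2 = subject | issuer
    x509 "$1" "-$2" -nameopt RFC2253 | sed 's/^[a-z]*= *//'
}

# Print the SHA-256 fingerprint as colon-separated hex.
cert_fingerprint() {   # $1 = certificate file
    x509 "$1" -fingerprint -sha256 | sed 's/^.*=//'
}

# Succeed only if the certificate is self-signed (subject equals issuer)
# and its subject carries the expected common name; then print a summary.
verify_client_cert() {   # $1 = certificate file, $2 = expected CN
    subject=$(cert_field "$1" subject)
    issuer=$(cert_field "$1" issuer)
    [ -n "$subject" ] || { echo "cannot parse certificate: $1" >&2; return 1; }
    [ "$subject" = "$issuer" ] ||
        { echo "not self-signed, issuer is: $issuer" >&2; return 1; }
    case ",$subject," in
        *",CN=$2,"*) ;;
        *) echo "unexpected subject: $subject" >&2; return 1 ;;
    esac
    echo "subject:     $subject"
    echo "fingerprint: $(cert_fingerprint "$1")"
}

# Usage (assumed Linux location of the file reported in step 6):
#   verify_client_cert \
#     /opt/hidglobal/smart_data_bridge/smart-data-bridge/data/smart-data-bridge.cer \
#     HIDGlobalCertificateAuthorityBridge
```

Running `cert_fingerprint` on the copy of the file transferred to the Validation Authority host should print the same value.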